Solved Firefox hijacked with ib.adnxs.com, televison fanatics etc.

Status
Not open for further replies.
MyOpicVoid

MyOpicVoid

Posts: 14   +0
I have this annoying popup that prevents the autofill from executing all the while poping up different advertisements.

GMER created no log. MBAM and DDS logs follow.

Thanks for your help.

MBAM Log:

Malwarebytes Anti-Malware (PRO) 1.62.0.1300
www.malwarebytes.org

Database version: v2012.08.28.06

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Dave :: DAVE-PC [administrator]

Protection: Disabled

8/28/2012 2:52:15 PM
mbam-log-2012-08-28 (14-52-15).txt

Scan type: Full scan (C:\|D:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 555253
Time elapsed: 1 hour(s), 14 minute(s), 1 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

DDS:

.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 10.6.2
Run by Dave at 14:36:11 on 2012-08-28
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.6135.4037 [GMT -4:00]
.
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_471277d5d45019ea\STacSV64.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\Hpservice.exe
C:\Windows\system32\vcsFPService.exe
C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\System32\spoolsv.exe
C:\Program Files (x86)\DigitalPersona\Bin\DpHostW.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\System32\svchost.exe -k NetworkService
C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_471277d5d45019ea\AESTSr64.exe
C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
C:\Windows\SysWOW64\NLSSRV32.EXE
C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\WUDFHost.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files\IDT\WDM\sttray64.exe
C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe
C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
C:\Program Files (x86)\DigitalPersona\Bin\DpAgent.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\DigitalPersona\Bin\DPAgent.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_3_300_271.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_3_300_271.exe
C:\Program Files (x86)\Microsoft Office\Office14\OUTLOOK.EXE
C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://msn.com/
mStart Page = hxxp://www.google.com
BHO: HP Print Enhancer: {0347c33e-8762-4905-bf09-768834316c61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: DigitalPersona Personal Extension: {395610ae-c624-4f58-b89e-23733ea00f9a} - C:\Program Files (x86)\DigitalPersona\Bin\DpOtsPluginIe8.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - C:\PROGRA~2\MICROS~4\Office14\GROOVEEX.DLL
BHO: Java(tm) Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - C:\PROGRA~2\MICROS~4\Office14\URLREDIR.DLL
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
BHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
TB: {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - No File
TB: {472734EA-242A-422B-ADF8-83D1E48CC825} - No File
mRun: [QlbCtrl.exe] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
mRun: [UpdatePRCShortCut] "C:\Program Files (x86)\Hewlett-Packard\Recovery\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\Hewlett-Packard\Recovery" UpdateWithCreateOnce "Software\CyberLink\PowerRecover"
mRun: [DpAgent] C:\Program Files (x86)\DigitalPersona\Bin\dpagent.exe
mRun: [BCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
mRun: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
mRunOnce: [AvgUninstallURL] cmd.exe /c start http://www.avg.com/ww.special-unins...VEWU4tWE5JTFItNFpISlAtUU9GUFctSlVBTE4tUlJBNkk"&"inst=NzctODU4Mzg0Njg1LVNUMTJGT0krMS1ERFQrMC1FVUxBKzEtU1QxMkZBUFArMQ"&"prod=90"&"ver=2012.0.1831"&"mid=369706482d2247d188d1d16fd83669e9-9054b2b877d6f95f84d6fb55aa99be4936aae1ce
mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
dPolicies-system: WallpaperStyle = 2
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~4\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - C:\PROGRA~2\MICROS~4\Office14\ONBttnIE.dll/105
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_04-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab
DPF: {CAFEEFAC-0017-0000-0004-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_04-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab
TCP: DhcpNameServer = 192.168.15.1
TCP: Interfaces\{B6A25829-8906-43F5-B0C6-A79415B42864} : DhcpNameServer = 192.168.15.1
TCP: Interfaces\{EF1AE83D-E63F-4E93-94A2-F781824DB9E0} : DhcpNameServer = 192.168.15.1
TCP: Interfaces\{EF1AE83D-E63F-4E93-94A2-F781824DB9E0}\4516A602D4168616C6 : DhcpNameServer = 192.168.0.1
TCP: Interfaces\{EF1AE83D-E63F-4E93-94A2-F781824DB9E0}\E416E63697E45647E4 : DhcpNameServer = 192.168.1.1
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - C:\PROGRA~2\MICROS~4\Office14\GROOVEEX.DLL
mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "C:\Program Files (x86)\Common Files\LightScribe\LSRunOnce.exe"
BHO-X64: HP Print Enhancer: {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
BHO-X64: HP Print Enhancer - No File
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: DigitalPersona Personal Extension: {395610AE-C624-4f58-B89E-23733EA00F9A} - C:\Program Files (x86)\DigitalPersona\Bin\DpOtsPluginIe8.dll
BHO-X64: DigitalPersona Personal Extension - No File
BHO-X64: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~4\Office14\GROOVEEX.DLL
BHO-X64: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO-X64: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~4\Office14\URLREDIR.DLL
BHO-X64: URLRedirectionBHO - No File
BHO-X64: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
BHO-X64: HP Smart BHO Class: {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
BHO-X64: HP Smart BHO Class - No File
TB-X64: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
TB-X64: {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - No File
TB-X64: {472734EA-242A-422B-ADF8-83D1E48CC825} - No File
mRun-x64: [QlbCtrl.exe] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
mRun-x64: [UpdatePRCShortCut] "C:\Program Files (x86)\Hewlett-Packard\Recovery\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\Hewlett-Packard\Recovery" UpdateWithCreateOnce "Software\CyberLink\PowerRecover"
mRun-x64: [DpAgent] C:\Program Files (x86)\DigitalPersona\Bin\dpagent.exe
mRun-x64: [BCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
mRun-x64: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
mRunOnce-x64: [AvgUninstallURL] cmd.exe /c start http://www.avg.com/ww.special-unins...VEWU4tWE5JTFItNFpISlAtUU9GUFctSlVBTE4tUlJBNkk"&"inst=NzctODU4Mzg0Njg1LVNUMTJGT0krMS1ERFQrMC1FVUxBKzEtU1QxMkZBUFArMQ"&"prod=90"&"ver=2012.0.1831"&"mid=369706482d2247d188d1d16fd83669e9-9054b2b877d6f95f84d6fb55aa99be4936aae1ce
SEH-X64: Groove GFS Stub Execution Hook: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~2\MICROS~4\Office14\GROOVEEX.DLL
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Dave\AppData\Roaming\Mozilla\Firefox\Profiles\b6ov46yq.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxps://google.com
FF - prefs.js: keyword.URL - hxxp://www.google.com/search?ie=UTF-8&oe=UTF-8&sourceid=navclient&gfns=1&q=
FF - plugin: C:\PROGRA~2\MICROS~4\Office14\NPAUTHZ.DLL
FF - plugin: C:\PROGRA~2\MICROS~4\Office14\NPSPWRAP.DLL
FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Java\jre7\bin\dtplugin\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npCouponPrinter.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npMozCouponPrinter.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npvsharetvplg.dll
FF - plugin: C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll
FF - plugin: C:\Users\Dave\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll
FF - plugin: C:\Users\Dave\AppData\Roaming\Mozilla\Firefox\Profiles\b6ov46yq.default\extensions\DeviceDetection@logitech.com\plugins\npLogitechDeviceDetection.dll
FF - plugin: C:\Windows\system32\TVUAx\npTVUAx.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_271.dll
.
---- FIREFOX POLICIES ----
FF - user.js: extensions.BabylonToolbar_i.id - e401fd1600000000000000269ed2801a
FF - user.js: extensions.BabylonToolbar_i.hardId - e401fd1600000000000000269ed2801a
FF - user.js: extensions.BabylonToolbar_i.instlDay - 15369
FF - user.js: extensions.BabylonToolbar_i.vrsn - 1.5.3.17
FF - user.js: extensions.BabylonToolbar_i.vrsni - 1.5.3.17
FF - user.js: extensions.BabylonToolbar_i.vrsnTs - 1.5.3.1721:46:47
FF - user.js: extensions.BabylonToolbar_i.prtnrId - babylon
FF - user.js: extensions.BabylonToolbar_i.prdct - BabylonToolbar
FF - user.js: extensions.BabylonToolbar_i.aflt - babsst
FF - user.js: extensions.BabylonToolbar_i.smplGrp - none
FF - user.js: extensions.BabylonToolbar_i.tlbrId - tb9
FF - user.js: extensions.BabylonToolbar_i.newTab - false
FF - user.js: extensions.BabylonToolbar_i.babTrack - affID=100486
FF - user.js: extensions.BabylonToolbar_i.babExt -
FF - user.js: extensions.BabylonToolbar_i.srcExt - ss
FF - user.js: extensions.BabylonToolbar_i.instlRef - sst
user_pref('extensions.autoDisableScopes', 0);user_pref('security.csp.enable', false);user_pref('security.OCSP.enabled', 0);
.
============= SERVICES / DRIVERS ===============
.
R1 SASDIFSV;SASDIFSV;C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys [2011-7-22 14928]
R1 SASKUTIL;SASKUTIL;C:\Program Files\SUPERAntiSpyware\saskutil64.sys [2011-7-12 12368]
R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]
R2 !SASCORE;SAS Core Service;C:\Program Files\SUPERAntiSpyware\SASCore64.exe [2011-8-11 140672]
R2 {55662437-DA8C-40c0-AADA-2C816A897A49};Power Control [2010/01/15 00:49:23];C:\Program Files (x86)\Hewlett-Packard\Media\DVD\000.fcl [2010-1-15 146928]
R2 AESTFilters;Andrea ST Filters Service;C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_471277d5d45019ea\AESTSr64.exe [2011-9-28 89600]
R2 HPDrvMntSvc.exe;HP Quick Synchronization Service;C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2011-3-28 94264]
R2 hpsrv;HP Service;C:\Windows\system32\Hpservice.exe --> C:\Windows\system32\Hpservice.exe [?]
R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-8-24 655944]
R2 nlsX86cc;Nalpeiron Licensing Service;C:\Windows\SysWOW64\NLSSRV32.EXE [2012-8-15 69640]
R2 vcsFPService;Validity VCS Fingerprint Service;C:\Windows\System32\vcsFPService.exe [2009-7-13 1656112]
R3 Com4QLBEx;Com4QLBEx;C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [2009-8-15 227896]
R3 DKRtWrt;DKRtWrt;C:\Windows\system32\DRIVERS\DKRtWrt.sys --> C:\Windows\system32\DRIVERS\DKRtWrt.sys [?]
R3 enecir;ENE CIR Receiver;C:\Windows\system32\DRIVERS\enecir.sys --> C:\Windows\system32\DRIVERS\enecir.sys [?]
R3 JMCR;JMCR;C:\Windows\system32\DRIVERS\jmcr.sys --> C:\Windows\system32\DRIVERS\jmcr.sys [?]
R3 MBAMProtector;MBAMProtector;\??\C:\Windows\system32\drivers\mbam.sys --> C:\Windows\system32\drivers\mbam.sys [?]
R3 NVHDA;Service for NVIDIA High Definition Audio Driver;C:\Windows\system32\drivers\nvhda64v.sys --> C:\Windows\system32\drivers\nvhda64v.sys [?]
R3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 HP Support Assistant Service;HP Support Assistant Service;C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe [2011-6-21 85560]
S2 nvUpdatusService;NVIDIA Update Service Daemon;C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe [2012-5-23 1262400]
S3 BVRPMPR5a64;BVRPMPR5a64 NDIS Protocol Driver;\??\C:\Windows\system32\drivers\BVRPMPR5a64.SYS --> C:\Windows\system32\drivers\BVRPMPR5a64.SYS [?]
S3 cpudrv64;cpudrv64;C:\Program Files (x86)\SystemRequirementsLab\cpudrv64.sys [2009-12-18 17864]
S3 GamesAppService;GamesAppService;C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072]
S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;C:\Program Files (x86)\Microsoft Office\Office14\GROOVE.EXE [2011-6-12 31125880]
S3 MozillaMaintenance;Mozilla Maintenance Service;C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-6-11 113120]
S3 NETw5s64;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;C:\Windows\system32\DRIVERS\NETw5s64.sys --> C:\Windows\system32\DRIVERS\NETw5s64.sys [?]
S3 netw5v64;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;C:\Windows\system32\DRIVERS\netw5v64.sys --> C:\Windows\system32\DRIVERS\netw5v64.sys [?]
S3 NETwNs64;___ Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;C:\Windows\system32\DRIVERS\NETwNs64.sys --> C:\Windows\system32\DRIVERS\NETwNs64.sys [?]
S3 PTDUBus;PANTECH UM175 Composite Device Driver ;C:\Windows\system32\DRIVERS\PTDUBus.sys --> C:\Windows\system32\DRIVERS\PTDUBus.sys [?]
S3 PTDUMdm;PANTECH UM175 Drivers;C:\Windows\system32\DRIVERS\PTDUMdm.sys --> C:\Windows\system32\DRIVERS\PTDUMdm.sys [?]
S3 PTDUVsp;PANTECH UM175 Diagnostic Port;C:\Windows\system32\DRIVERS\PTDUVsp.sys --> C:\Windows\system32\DRIVERS\PTDUVsp.sys [?]
S3 PTDUWFLT;PTDUWWAN Filter Driver;C:\Windows\system32\DRIVERS\PTDUWFLT.sys --> C:\Windows\system32\DRIVERS\PTDUWFLT.sys [?]
S3 PTDUWWAN;PANTECH UM175 WWAN Driver;C:\Windows\system32\DRIVERS\PTDUWWAN.sys --> C:\Windows\system32\DRIVERS\PTDUWWAN.sys [?]
S3 SrvHsfHDA;SrvHsfHDA;C:\Windows\system32\DRIVERS\VSTAZL6.SYS --> C:\Windows\system32\DRIVERS\VSTAZL6.SYS [?]
S3 SrvHsfV92;SrvHsfV92;C:\Windows\system32\DRIVERS\VSTDPV6.SYS --> C:\Windows\system32\DRIVERS\VSTDPV6.SYS [?]
S3 SrvHsfWinac;SrvHsfWinac;C:\Windows\system32\DRIVERS\VSTCNXT6.SYS --> C:\Windows\system32\DRIVERS\VSTCNXT6.SYS [?]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\system32\Drivers\usbaapl64.sys --> C:\Windows\system32\Drivers\usbaapl64.sys [?]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;C:\Windows\system32\DRIVERS\yk62x64.sys --> C:\Windows\system32\DRIVERS\yk62x64.sys [?]
S4 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-1-3 63928]
S4 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-8-5 250056]
.
=============== Created Last 30 ================
.
2012-08-28 17:38:54 -------- d-----w- C:\$RECYCLE.BIN
2012-08-28 15:03:32 -------- d-----w- C:\Users\Dave\AppData\Local\Threat Expert
2012-08-28 14:50:55 -------- d-----w- C:\Program Files (x86)\PC Tools
2012-08-28 14:44:21 251560 ----a-w- C:\Windows\System32\drivers\PCTSD64.sys
2012-08-28 14:44:21 -------- d-----w- C:\Program Files (x86)\Common Files\PC Tools
2012-08-28 14:43:59 -------- d-----w- C:\ProgramData\PC Tools
2012-08-28 14:43:58 -------- d-----w- C:\Users\Dave\AppData\Roaming\TestApp
2012-08-28 12:38:12 -------- d-----w- C:\Users\Dave\AppData\Roaming\Anvisoft
2012-08-28 12:38:04 -------- d-----w- C:\ProgramData\Anvisoft
2012-08-28 12:38:00 -------- d-----w- C:\Program Files (x86)\Anvisoft
2012-08-28 10:50:20 9309624 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{F1F80653-20EC-49D8-BAB8-15530F66650D}\mpengine.dll
2012-08-28 02:02:53 35720 ----a-w- C:\Windows\System32\drivers\PROCEXP152.SYS
2012-08-28 01:17:41 -------- d-----w- C:\ProgramData\GFI Software
2012-08-27 21:12:44 -------- d-----w- C:\Users\Dave\AppData\Local\adawarebp
2012-08-27 20:40:53 -------- d-----w- C:\ProgramData\dvdfab
2012-08-27 20:36:29 -------- d-----w- C:\Program Files (x86)\DVDFab 8 Qt
2012-08-26 10:59:43 256904 ----a-w- C:\Windows\SysWow64\drivers\tmcomm.sys
2012-08-25 21:24:11 98816 ----a-w- C:\Windows\sed.exe
2012-08-25 21:24:11 518144 ----a-w- C:\Windows\SWREG.exe
2012-08-25 21:24:11 256000 ----a-w- C:\Windows\PEV.exe
2012-08-25 21:24:11 208896 ----a-w- C:\Windows\MBR.exe
2012-08-25 02:47:35 -------- d-----w- C:\Users\Dave\AppData\Roaming\Curiolab
2012-08-25 02:03:40 -------- d-----w- C:\Users\Dave\AppData\Roaming\Malwarebytes
2012-08-25 02:03:30 -------- d-----w- C:\ProgramData\Malwarebytes
2012-08-25 02:03:29 24904 ----a-w- C:\Windows\System32\drivers\mbam.sys
2012-08-25 02:03:29 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2012-08-23 11:21:49 95208 ----a-w- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
2012-08-22 23:03:28 -------- d-----w- C:\Users\Dave\AppData\Roaming\TuneUp Software
2012-08-22 23:02:57 -------- d-----w- C:\ProgramData\TuneUp Software
2012-08-22 23:02:40 -------- d-sh--w- C:\ProgramData\{32364CEA-7855-4A3C-B674-53D8E9B97936}
2012-08-22 16:29:06 -------- d-----w- C:\Windows\pss
2012-08-22 13:27:20 -------- d-----w- C:\drivers
2012-08-22 02:47:24 -------- d-----w- C:\Users\Dave\AppData\Roaming\Downloaded Installations
2012-08-22 01:44:22 -------- d-----w- C:\Users\Dave\AppData\Roaming\5400 Series
2012-08-21 23:21:39 -------- d-----w- C:\Program Files\Lx_cats
2012-08-21 23:19:10 45056 ----a-w- C:\Windows\System32\lxctpmon.dll
2012-08-21 23:19:10 14336 ----a-w- C:\Windows\System32\LXCTFXPU.DLL
2012-08-21 23:18:50 3584 ----a-w- C:\Windows\System32\lxctpmrc.dll
2012-08-21 23:18:43 -------- d-----w- C:\ProgramData\5400 Series
2012-08-21 23:17:44 -------- d-----w- C:\Program Files (x86)\Abbyy FineReader 6.0 Sprint
2012-08-20 11:11:11 -------- d-----w- C:\Users\Dave\.autobahn
2012-08-19 00:50:46 -------- d-----w- C:\Users\Dave\AppData\Roaming\NVIDIA
2012-08-19 00:50:37 -------- d-----w- C:\Users\Dave\AppData\Roaming\Xilisoft
2012-08-19 00:41:30 -------- d-----w- C:\Program Files (x86)\Xilisoft
2012-08-19 00:30:10 -------- d-----w- C:\Users\Dave\.swt
2012-08-19 00:26:45 -------- d-----w- C:\Users\Dave\AppData\Roaming\AVS4YOU
2012-08-19 00:25:42 24576 ----a-w- C:\Windows\SysWow64\msxml3a.dll
2012-08-19 00:25:42 1700352 ----a-w- C:\Windows\SysWow64\GdiPlus.dll
2012-08-19 00:25:42 -------- d-----w- C:\ProgramData\AVS4YOU
2012-08-19 00:25:42 -------- d-----w- C:\Program Files (x86)\Common Files\AVSMedia
2012-08-19 00:25:42 -------- d-----w- C:\Program Files (x86)\AVS4YOU
2012-08-16 18:24:26 -------- d-----w- C:\Users\Dave\AppData\Roaming\AnvSoft
2012-08-16 18:09:35 -------- d-----w- C:\Users\Dave\AppData\Roaming\tiger-k
2012-08-16 18:09:34 -------- d-----w- C:\Users\Dave\AppData\Roaming\Leawo
2012-08-16 18:09:34 -------- d-----w- C:\ProgramData\Leawo
2012-08-15 23:23:19 503808 ----a-w- C:\Windows\System32\srcore.dll
2012-08-15 23:23:19 43008 ----a-w- C:\Windows\SysWow64\srclient.dll
2012-08-15 23:23:15 751104 ----a-w- C:\Windows\System32\win32spl.dll
2012-08-15 23:23:14 67072 ----a-w- C:\Windows\splwow64.exe
2012-08-15 23:23:14 559104 ----a-w- C:\Windows\System32\spoolsv.exe
2012-08-15 23:23:14 492032 ----a-w- C:\Windows\SysWow64\win32spl.dll
2012-08-15 23:23:12 59392 ----a-w- C:\Windows\System32\browcli.dll
2012-08-15 23:23:12 41984 ----a-w- C:\Windows\SysWow64\browcli.dll
2012-08-15 23:23:12 136704 ----a-w- C:\Windows\System32\browser.dll
2012-08-15 23:23:09 3148800 ----a-w- C:\Windows\System32\win32k.sys
2012-08-15 23:23:08 956928 ----a-w- C:\Windows\System32\localspl.dll
2012-08-15 18:13:44 69640 ----a-w- C:\Windows\SysWow64\NLSSRV32.EXE
2012-08-08 12:08:13 -------- d-----w- C:\GBC
2012-08-08 11:59:12 -------- d-----w- C:\Program Files (x86)\Activision
2012-08-06 17:21:14 44624 ----a-w- C:\Windows\System32\drivers\DKRtWrt.sys
2012-08-06 17:21:05 -------- d-----w- C:\ProgramData\Diskeeper Corporation
2012-08-06 17:21:05 -------- d-----w- C:\Program Files\Common Files\Diskeeper Corporation
2012-08-06 17:20:54 -------- d-----w- C:\Program Files\Diskeeper Corporation
2012-08-06 12:25:25 -------- d-----w- C:\Users\Dave\AppData\Roaming\Advanced Defrag
2012-08-06 12:23:28 -------- d-----w- C:\Program Files (x86)\Diskeeper
2012-08-05 20:18:23 70344 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2012-08-05 20:18:23 426184 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2012-08-03 23:00:00 -------- d-----w- C:\Program Files (x86)\SDA
2012-08-03 21:34:00 -------- d-----w- C:\Liberty Trading
.
==================== Find3M ====================
.
2012-08-23 11:21:22 746984 ----a-w- C:\Windows\SysWow64\deployJava1.dll
2012-07-17 12:26:31 900 --sha-w- C:\ProgramData\KGyGaAvL.sys
2012-06-29 03:56:34 2312704 ----a-w- C:\Windows\System32\jscript9.dll
2012-06-29 03:49:11 1392128 ----a-w- C:\Windows\System32\wininet.dll
2012-06-29 03:48:07 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl
2012-06-29 03:43:49 173056 ----a-w- C:\Windows\System32\ieUnatt.exe
2012-06-29 03:39:48 2382848 ----a-w- C:\Windows\System32\mshtml.tlb
2012-06-29 00:16:58 1800704 ----a-w- C:\Windows\SysWow64\jscript9.dll
2012-06-29 00:09:01 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll
2012-06-29 00:08:59 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2012-06-29 00:04:43 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
2012-06-29 00:00:45 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2012-06-19 02:43:58 18960 ----a-w- C:\Windows\System32\drivers\LNonPnP.sys
2012-06-06 12:49:52 1070152 ----a-w- C:\Windows\SysWow64\MSCOMCTL.OCX
2012-06-06 06:06:16 2004480 ----a-w- C:\Windows\System32\msxml6.dll
2012-06-06 06:06:16 1881600 ----a-w- C:\Windows\System32\msxml3.dll
2012-06-06 06:02:54 1133568 ----a-w- C:\Windows\System32\cdosys.dll
2012-06-06 05:05:52 1390080 ----a-w- C:\Windows\SysWow64\msxml6.dll
2012-06-06 05:05:52 1236992 ----a-w- C:\Windows\SysWow64\msxml3.dll
2012-06-06 05:03:06 805376 ----a-w- C:\Windows\SysWow64\cdosys.dll
2012-06-02 22:15:31 2622464 ----a-w- C:\Windows\System32\wucltux.dll
2012-06-02 22:15:08 99840 ----a-w- C:\Windows\System32\wudriver.dll
2012-06-02 19:19:42 186752 ----a-w- C:\Windows\System32\wuwebv.dll
2012-06-02 19:15:12 36864 ----a-w- C:\Windows\System32\wuapp.exe
2012-06-02 05:50:10 458704 ----a-w- C:\Windows\System32\drivers\cng.sys
2012-06-02 05:48:16 95600 ----a-w- C:\Windows\System32\drivers\ksecdd.sys
2012-06-02 05:48:16 151920 ----a-w- C:\Windows\System32\drivers\ksecpkg.sys
2012-06-02 05:45:31 340992 ----a-w- C:\Windows\System32\schannel.dll
2012-06-02 05:44:21 307200 ----a-w- C:\Windows\System32\ncrypt.dll
2012-06-02 04:40:42 22016 ----a-w- C:\Windows\SysWow64\secur32.dll
2012-06-02 04:40:39 225280 ----a-w- C:\Windows\SysWow64\schannel.dll
2012-06-02 04:39:10 219136 ----a-w- C:\Windows\SysWow64\ncrypt.dll
2012-06-02 04:34:09 96768 ----a-w- C:\Windows\SysWow64\sspicli.dll
.
============= FINISH: 14:36:30.76 ===============
 
Hello, and welcome to TechSpot.


rulesx.png
Please see here for the board rules and other FAQ.

Please feel free to introduce yourself, after you follow the steps below to get started.

Information
  • From this point on, please do not make any more changes to your computer; such as install/uninstall programs, use special fix tools, delete files, edit the registry, etc. - unless advised by a malware removal helper.
  • Please do not ask for help elsewhere (in this site or other sites). Doing so can result in system changes, which may not show up in the logs you post.
  • If you have already asked for help somewhere, please post the link to the topic you were helped.
  • We try our best to reply quickly, but for any reason we do not reply in two days, please reply to this topic with the word BUMP!
  • Lastly, keep in mind that we are volunteers, so you do not have to pay for malware removal. Persist in this topic until its close, and your computer is declared clean.


Download AdwCleaner by Xplode onto your Desktop.
  • Double click on AdwCleaner.exe to run the tool.
  • Click on Search.
  • A logfile will automatically open after the scan has finished.
  • Please post the content of that logfile in your reply.
  • You can find the logfile at C:\AdwCleaner[Rn].txt as well - n is the order number.
 
Wow DragonMaster Jay - That was quick! Thank you.

Adwcleaner follows:

# AdwCleaner v1.801 - Logfile created 08/28/2012 at 17:37:41
# Updated 14/08/2012 by Xplode
# Operating system : Windows 7 Home Premium Service Pack 1 (64 bits)
# User : Dave - DAVE-PC
# Boot Mode : Normal
# Running from : C:\Downs\adwcleaner.exe
# Option [Search]


***** [Services] *****


***** [Files / Folders] *****

Folder Found : C:\ProgramData\Ask
Folder Found : C:\ProgramData\Tarma Installer
Folder Found : C:\Program Files (x86)\Ask.com
Folder Found : C:\Program Files (x86)\vShare.tv plugin
File Found : C:\Users\Dave\AppData\Roaming\Mozilla\Firefox\Profiles\b6ov46yq.default\searchplugins\Askcom.xml
File Found : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\eBay.lnk
File Found : C:\Program Files (x86)\Mozilla Firefox\Plugins\npvsharetvplg.dll

***** [Registry] *****

Key Found : HKCU\Software\APN
Key Found : HKCU\Software\IGearSettings
Key Found : HKCU\Software\StartSearch
Key Found : HKLM\SOFTWARE\APN
Key Found : HKLM\SOFTWARE\AskToolbar
Key Found : HKLM\SOFTWARE\Babylon
Key Found : HKLM\SOFTWARE\Classes\AppID\escort.DLL
Key Found : HKLM\SOFTWARE\Freeze.com
[x64] Key Found : HKCU\Software\APN
[x64] Key Found : HKCU\Software\IGearSettings
[x64] Key Found : HKCU\Software\StartSearch
[x64] Key Found : HKLM\SOFTWARE\Classes\AppID\escort.DLL
[x64] Key Found : HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\ApnUpdater

***** [Registre - GUID] *****

Key Found : HKLM\SOFTWARE\Classes\AppID\{09C554C3-109B-483C-A06B-F14172F1A947}
Key Found : HKLM\SOFTWARE\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{761F6A83-F007-49E4-8EAC-CDB6808EF06F}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{76C45B18-A29E-43EA-AAF8-AF55C2E1AE17}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{80922EE0-8A76-46AE-95D5-BD3C3FE0708D}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{8F97BFF8-488B-4107-BCEE-B161AB4E4183}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{96EF404C-24C7-43D0-9096-4CCC8BB7CCAC}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{97720195-206A-42AE-8E65-260B9BA5589F}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{97D69524-BB57-4185-9C7F-5F05593B771A}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{986F7A5A-9676-47E1-8642-F41F8C3FCF82}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{A1B48071-416D-474E-A13B-BE5456E7FC31}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{B18788A4-92BD-440E-A4D1-380C36531119}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{CC5AD34C-6F10-4CB3-B74A-C2DD4D5060A3}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{FE9271F2-6EFD-44B0-A826-84C829536E93}
Key Found : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Found : HKLM\SOFTWARE\Classes\Interface\{79FB5FC8-44B9-4AF5-BADD-CCE547F953E5}
Key Found : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{79D60450-56C5-4A8C-9321-6D5BC2A81E5A}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{99C22A61-21BA-4F81-85FF-CDC9EB5DB10B}
Key Found : HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A}
Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{78F3A323-798E-4AEA-9A57-88F4B05FD5DD}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{7AC3E13B-3BCA-4158-B330-F66DBB03C1B5}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{8F97BFF8-488B-4107-BCEE-B161AB4E4183}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{8F97BFF8-488B-4107-BCEE-B161AB4E4183}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{A1B48071-416D-474E-A13B-BE5456E7FC31}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{A1B48071-416D-474E-A13B-BE5456E7FC31}
Value Found : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{D4027C7F-154A-4066-A1AD-4243D8127440}]
Value Found : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}]
[x64] Key Found : HKLM\SOFTWARE\Classes\AppID\{09C554C3-109B-483C-A06B-F14172F1A947}
[x64] Key Found : HKLM\SOFTWARE\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB}
[x64] Key Found : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
[x64] Key Found : HKLM\SOFTWARE\Classes\Interface\{44C3C1DB-2127-433C-98EC-4C9412B5FC3A}
[x64] Key Found : HKLM\SOFTWARE\Classes\Interface\{4D5132DD-BB2B-4249-B5E0-D145A8C982E1}
[x64] Key Found : HKLM\SOFTWARE\Classes\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
[x64] Key Found : HKLM\SOFTWARE\Classes\Interface\{706D4A4B-184A-4434-B331-296B07493D2D}
[x64] Key Found : HKLM\SOFTWARE\Classes\Interface\{8BE10F21-185F-4CA0-B789-9921674C3993}
[x64] Key Found : HKLM\SOFTWARE\Classes\Interface\{94C0B25D-3359-4B10-B227-F96A77DB773F}
[x64] Key Found : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
[x64] Key Found : HKLM\SOFTWARE\Classes\Interface\{B0B75FBA-7288-4FD3-A9EB-7EE27FA65599}
[x64] Key Found : HKLM\SOFTWARE\Classes\Interface\{B173667F-8395-4317-8DD6-45AD1FE00047}
[x64] Key Found : HKLM\SOFTWARE\Classes\Interface\{B32672B3-F656-46E0-B584-FE61C0BB6037}
[x64] Key Found : HKLM\SOFTWARE\Classes\Interface\{BFE569F7-646C-4512-969B-9BE3E580D393}
[x64] Key Found : HKLM\SOFTWARE\Classes\Interface\{C2434722-5C85-4CA0-BA69-1B67E7AB3D68}
[x64] Key Found : HKLM\SOFTWARE\Classes\Interface\{C2996524-2187-441F-A398-CD6CB6B3D020}
[x64] Key Found : HKLM\SOFTWARE\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}
[x64] Key Found : HKLM\SOFTWARE\Classes\Interface\{E047E227-5342-4D94-80F7-CFB154BF55BD}
[x64] Key Found : HKLM\SOFTWARE\Classes\Interface\{E2C1A522-B8E1-45D1-B316-F5625004A28C}
[x64] Key Found : HKLM\SOFTWARE\Classes\Interface\{E3F79BE9-24D4-4F4D-8C13-DF2C9899F82E}
[x64] Key Found : HKLM\SOFTWARE\Classes\Interface\{E77EEF95-3E83-4BB8-9C0D-4A5163774997}
[x64] Key Found : HKLM\SOFTWARE\Classes\TypeLib\{79D60450-56C5-4A8C-9321-6D5BC2A81E5A}
[x64] Key Found : HKLM\SOFTWARE\Classes\TypeLib\{99C22A61-21BA-4F81-85FF-CDC9EB5DB10B}
[x64] Key Found : HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A}
[x64] Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
[x64] Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{78F3A323-798E-4AEA-9A57-88F4B05FD5DD}
[x64] Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{7AC3E13B-3BCA-4158-B330-F66DBB03C1B5}
[x64] Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{8F97BFF8-488B-4107-BCEE-B161AB4E4183}
[x64] Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{A1B48071-416D-474E-A13B-BE5456E7FC31}
[x64] Value Found : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{D4027C7F-154A-4066-A1AD-4243D8127440}]
[x64] Value Found : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}]

***** [Internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16421

[OK] Registry is clean.

-\\ Mozilla Firefox v14.0.1 (en-US)

Profile name : default
File : C:\Users\Dave\AppData\Roaming\Mozilla\Firefox\Profiles\b6ov46yq.default\prefs.js

Found : user_pref("browser.babylon.HPOnNewTab", "search.babylon.com");
Found : user_pref("browser.search.defaultengine", "Ask.com");
Found : user_pref("browser.search.order.1", "Ask.com");
Found : user_pref("extensions.BabylonToolbar.admin", false);
Found : user_pref("extensions.BabylonToolbar.aflt", "babsst");
Found : user_pref("extensions.BabylonToolbar.babExt", "");
Found : user_pref("extensions.BabylonToolbar.babTrack", "affID=100486");
Found : user_pref("extensions.BabylonToolbar.bbDpng", 29);
Found : user_pref("extensions.BabylonToolbar.dfltLng", "en");
Found : user_pref("extensions.BabylonToolbar.dfltSrch", true);
Found : user_pref("extensions.BabylonToolbar.hmpg", true);
Found : user_pref("extensions.BabylonToolbar.id", "e401fd1600000000000000269ed2801a");
Found : user_pref("extensions.BabylonToolbar.instlDay", "15369");
Found : user_pref("extensions.BabylonToolbar.instlRef", "sst");
Found : user_pref("extensions.BabylonToolbar.keyWordUrl", "hxxp://search.babylon.com/?AF=100486&babsrc=adbar[...]
Found : user_pref("extensions.BabylonToolbar.lastDP", 29);
Found : user_pref("extensions.BabylonToolbar.lastVrsnTs", "1.5.3.1721:46:47");
Found : user_pref("extensions.BabylonToolbar.mntrFFxVrsn", "3.6");
Found : user_pref("extensions.BabylonToolbar.newTab", true);
Found : user_pref("extensions.BabylonToolbar.newTabUrl", "hxxp://search.babylon.com/?babsrc=NT_bb");
Found : user_pref("extensions.BabylonToolbar.noFFXTlbr", false);
Found : user_pref("extensions.BabylonToolbar.prdct", "BabylonToolbar");
Found : user_pref("extensions.BabylonToolbar.propectorlck", 66452374);
Found : user_pref("extensions.BabylonToolbar.prtkDS", 1);
Found : user_pref("extensions.BabylonToolbar.prtkHmpg", 1);
Found : user_pref("extensions.BabylonToolbar.prtnrId", "babylon");
Found : user_pref("extensions.BabylonToolbar.ptch_0717", true);
Found : user_pref("extensions.BabylonToolbar.smplGrp", "none");
Found : user_pref("extensions.BabylonToolbar.srcExt", "ss");
Found : user_pref("extensions.BabylonToolbar.tlbrId", "tb9");
Found : user_pref("extensions.BabylonToolbar.vrsn", "1.5.3.17");
Found : user_pref("extensions.BabylonToolbar.vrsnTs", "1.5.3.1721:46:47");
Found : user_pref("extensions.BabylonToolbar.vrsni", "1.5.3.17");
Found : user_pref("extensions.BabylonToolbar_i.aflt", "babsst");
Found : user_pref("extensions.BabylonToolbar_i.babExt", "");
Found : user_pref("extensions.BabylonToolbar_i.babTrack", "affID=100486");
Found : user_pref("extensions.BabylonToolbar_i.hardId", "e401fd1600000000000000269ed2801a");
Found : user_pref("extensions.BabylonToolbar_i.id", "e401fd1600000000000000269ed2801a");
Found : user_pref("extensions.BabylonToolbar_i.instlDay", "15369");
Found : user_pref("extensions.BabylonToolbar_i.instlRef", "sst");
Found : user_pref("extensions.BabylonToolbar_i.newTab", false);
Found : user_pref("extensions.BabylonToolbar_i.prdct", "BabylonToolbar");
Found : user_pref("extensions.BabylonToolbar_i.prtnrId", "babylon");
Found : user_pref("extensions.BabylonToolbar_i.smplGrp", "none");
Found : user_pref("extensions.BabylonToolbar_i.srcExt", "ss");
Found : user_pref("extensions.BabylonToolbar_i.tlbrId", "tb9");
Found : user_pref("extensions.BabylonToolbar_i.vrsn", "1.5.3.17");
Found : user_pref("extensions.BabylonToolbar_i.vrsnTs", "1.5.3.1721:46:47");
Found : user_pref("extensions.BabylonToolbar_i.vrsni", "1.5.3.17");

-\\ Google Chrome v [Unable to get version]

File : C:\Users\Dave\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

*************************

AdwCleaner[R1].txt - [11184 octets] - [28/08/2012 17:37:41]

########## EOF - C:\AdwCleaner[R1].txt - [11313 octets] ##########
 
I'm here to help. :D

Please download and run TDSSKiller to your desktop as outlined below:

Doubleclick on TDSSKiller.exe to run the application, then click on Change parameters.

For Windows XP, double-click to start.
For Vista or Windows 7, do a right-click on the program, select Run as Administrator to start, & when prompted Allow to run.

tdss_1.jpg


-------------------------

Check the boxes beside Verify Driver Digital Signature and Detect TDLFS file system, then click OK.

tdss_2.jpg


------------------------

Click the Start Scan button.

tdss_3.jpg


-----------------------

If a suspicious object is detected, the default action will be Skip, click on Continue
If you get the warning about a file UnsignedFile.Multi.Generic or LockedFile.Multi.Generic please choose
Skip and click on Continue


tdss_4.jpg


----------------------

If malicious objects are found, they will show in the Scan results and offer three (3) options.

Ensure Cure is selected, then click Continue => Reboot now to finish the cleaning process.
Note: If Cure is not available, please choose Skip instead, do not choose Delete unless instructed.


tdss_5.jpg



--------------------

A report will be created in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste its contents on your next reply.
Sometimes these logs can be very large, in that case please attach it or zip it up and attach it.

-------------------

Here's a summary of what to do if you would like to print it out:

If a suspicious object is detected, the default action will be Skip, click on Continue
If you get the warning about a file UnsignedFile.Multi.Generic or LockedFile.Multi.Generic please choose
Skip and click on Continue

If malicious objects are found, they will show in the Scan results and offer three (3) options.

Ensure Cure is selected, then click Continue => Reboot now to finish the cleaning process.
Note: If Cure is not available, please choose Skip instead, do not choose Delete unless instructed.


Remove the Adware.
  • Please close all open programs and internet browsers.
  • Double click on adwcleaner.exe to run the tool.
  • Click on Delete.
  • Confirm each time with OK.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the content of that logfile in your reply.
  • You can find the logfile at C:\AdwCleaner[Sn].txt as well - n is the order number.
Please post the log.
 
TDSSkiller log attached. 0 objects found.

Thank you.
 

Attachments

  • TDSSKiller.2.8.8.0_29.08.2012_06.27.35_log.zip
    24.6 KB · Views: 3
AdwCleaner was done?

ESET Online Scan

Please run a free online scan with the ESET Online Scanner
  • Tick the box next to YES, I accept the Terms of Use
  • Click Start
  • When asked, allow the ActiveX control to install, or it will ask to download an installer. Please do so an install it.
  • Click Start or wait for the scanner to load.
  • Make sure that the options Remove found threats and the option Scan unwanted applications are checked.
  • Click Scan (This scan can take several hours, so please be patient)
  • Once the scan is completed, there are a couple of things to keep in mind:
  • 1. If NO threats were found, allow the scanner to Uninstall on close and then close the Window.
  • 2. If threats WERE detected, click on List of Threats Found, Export to Text File...save it as ESET-Scan-Log.txt. Click the back button/link, put a checkmark to Uninstall Application on Close and then close the window.
  • Open the logfile from wherever you saved it
  • Copy and paste the contents in your next reply.
 
Thanks DragonmasterJay!

Yes Adwcleaner was posted above - right before the TDSSkiller info. It was clean also. I'll run again if needed.

Eset follows: I believe the ESET found the variant!

Here's what it found:

C:\Downs\converterlite_d136315.exe a variant of Win32/InstallIQ application cleaned by deleting - quarantined
C:\ProgramData\Tarma Installer\{DA00D550-BB91-4A26-AAE5-9172D626CAAE}\_Setupx.dll a variant of Win32/Adware.Yontoo.B application cleaned by deleting - quarantined
 
I saw the first log from AdwCleaner, but then I asked you to remove the adware using AdwCleaner. I did not see the fix log from that, which shows they are all deleted. You did get them all fixed, right?

Run one more scan from AdwCleaner, please, and post a new log.
 
Lost my skull on that one. My apologies.

Here the log:

# AdwCleaner v1.801 - Logfile created 08/31/2012 at 08:20:05
# Updated 14/08/2012 by Xplode
# Operating system : Windows 7 Home Premium Service Pack 1 (64 bits)
# User : Dave - DAVE-PC
# Boot Mode : Safe mode with networking
# Running from : C:\Downs\adwcleaner.exe
# Option [Delete]


***** [Services] *****


***** [Files / Folders] *****

Folder Deleted : C:\Users\Dave\AppData\Local\Temp\TempDir
Folder Deleted : C:\ProgramData\Ask
Folder Deleted : C:\ProgramData\Tarma Installer
Folder Deleted : C:\Program Files (x86)\Ask.com
Folder Deleted : C:\Program Files (x86)\Free Offers from Freeze.com
Folder Deleted : C:\Program Files (x86)\vShare.tv plugin
File Deleted : C:\Users\Dave\AppData\Roaming\Mozilla\Firefox\Profiles

\b6ov46yq.default\searchplugins\Askcom.xml
File Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs

\eBay.lnk
File Deleted : C:\Program Files (x86)\Mozilla Firefox\Plugins

\npvsharetvplg.dll

***** [Registry] *****

Key Deleted : HKCU\Software\APN
Key Deleted : HKCU\Software\IGearSettings
Key Deleted : HKCU\Software\StartSearch
Key Deleted : HKLM\SOFTWARE\APN
Key Deleted : HKLM\SOFTWARE\AskToolbar
Key Deleted : HKLM\SOFTWARE\Classes\AppID\escort.DLL
Key Deleted : HKLM\SOFTWARE\Freeze.com
[x64] Key Deleted : HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig

\startupreg\ApnUpdater

***** [Registre - GUID] *****

Key Deleted : HKLM\SOFTWARE\Classes\AppID\{09C554C3-109B-483C-

A06B-F14172F1A947}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{BDB69379-802F-4EAF-

B541-F8DE92DD98DB}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{761F6A83-F007-49E4-

8EAC-CDB6808EF06F}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{76C45B18-A29E-43EA-

AAF8-AF55C2E1AE17}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{80922EE0-8A76-46AE-

95D5-BD3C3FE0708D}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{8F97BFF8-488B-4107-

BCEE-B161AB4E4183}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{96EF404C-24C7-43D0-

9096-4CCC8BB7CCAC}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{97720195-206A-42AE-

8E65-260B9BA5589F}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{97D69524-BB57-4185-

9C7F-5F05593B771A}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{986F7A5A-9676-47E1-

8642-F41F8C3FCF82}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{A1B48071-416D-474E-

A13B-BE5456E7FC31}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{B18788A4-92BD-440E-

A4D1-380C36531119}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{CC5AD34C-6F10-4CB3-

B74A-C2DD4D5060A3}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{FE9271F2-6EFD-44B0-

A826-84C829536E93}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-

8B35-733216D61217}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{79FB5FC8-44B9-4AF5

-BADD-CCE547F953E5}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603

-A71B-A55F4BCB0BEC}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{79D60450-56C5-4A8C-

9321-6D5BC2A81E5A}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{99C22A61-21BA-4F81-

85FF-CDC9EB5DB10B}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\Low Rights

\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights

\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes

\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext

\PreApproved\{78F3A323-798E-4AEA-9A57-88F4B05FD5DD}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext

\PreApproved\{7AC3E13B-3BCA-4158-B330-F66DBB03C1B5}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext

\PreApproved\{8F97BFF8-488B-4107-BCEE-B161AB4E4183}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext

\PreApproved\{8F97BFF8-488B-4107-BCEE-B161AB4E4183}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext

\PreApproved\{A1B48071-416D-474E-A13B-BE5456E7FC31}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext

\Stats\{A1B48071-416D-474E-A13B-BE5456E7FC31}
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar

\WebBrowser [{D4027C7F-154A-4066-A1AD-4243D8127440}]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar

\WebBrowser [{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}]
[x64] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-

4121-8B35-733216D61217}
[x64] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{44C3C1DB-2127

-433C-98EC-4C9412B5FC3A}
[x64] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{4D5132DD-

BB2B-4249-B5E0-D145A8C982E1}
[x64] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{4E92DB5F-AAD9

-49D3-8EAB-B40CBE5B1FF7}
[x64] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{706D4A4B-

184A-4434-B331-296B07493D2D}
[x64] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{8BE10F21-185F-

4CA0-B789-9921674C3993}
[x64] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{94C0B25D-3359

-4B10-B227-F96A77DB773F}
[x64] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-

4603-A71B-A55F4BCB0BEC}
[x64] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{B0B75FBA-7288

-4FD3-A9EB-7EE27FA65599}
[x64] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{B173667F-8395-

4317-8DD6-45AD1FE00047}
[x64] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{B32672B3-F656-

46E0-B584-FE61C0BB6037}
[x64] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{BFE569F7-

646C-4512-969B-9BE3E580D393}
[x64] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C2434722-5C85

-4CA0-BA69-1B67E7AB3D68}
[x64] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C2996524-2187-

441F-A398-CD6CB6B3D020}
[x64] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C401D2CE-DC27

-45C7-BC0C-8E6EA7F085D6}
[x64] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{E047E227-5342-

4D94-80F7-CFB154BF55BD}
[x64] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{E2C1A522-B8E1

-45D1-B316-F5625004A28C}
[x64] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{E3F79BE9-24D4

-4F4D-8C13-DF2C9899F82E}
[x64] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{E77EEF95-3E83

-4BB8-9C0D-4A5163774997}

***** [Internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16421

[OK] Registry is clean.

-\\ Mozilla Firefox v15.0 (en-US)

Profile name : default
File : C:\Users\Dave\AppData\Roaming\Mozilla\Firefox\Profiles

\b6ov46yq.default\prefs.js

C:\Users\Dave\AppData\Roaming\Mozilla\Firefox\Profiles\b6ov46yq.default

\user.js ... Deleted !

Deleted : user_pref("browser.babylon.HPOnNewTab",

"search.babylon.com");
Deleted : user_pref("browser.search.defaultengine", "Ask.com");
Deleted : user_pref("browser.search.order.1", "Ask.com");
Deleted : user_pref("extensions.BabylonToolbar.admin", false);
Deleted : user_pref("extensions.BabylonToolbar.aflt", "babsst");
Deleted : user_pref("extensions.BabylonToolbar.babExt", "");
Deleted : user_pref("extensions.BabylonToolbar.babTrack",

"affID=100486");
Deleted : user_pref("extensions.BabylonToolbar.bbDpng", 29);
Deleted : user_pref("extensions.BabylonToolbar.dfltLng", "en");
Deleted : user_pref("extensions.BabylonToolbar.dfltSrch", true);
Deleted : user_pref("extensions.BabylonToolbar.hmpg", true);
Deleted : user_pref("extensions.BabylonToolbar.id",

"e401fd1600000000000000269ed2801a");
Deleted : user_pref("extensions.BabylonToolbar.instlDay", "15369");
Deleted : user_pref("extensions.BabylonToolbar.instlRef", "sst");
Deleted : user_pref("extensions.BabylonToolbar.keyWordUrl",

"hxxp://search.babylon.com/?AF=100486&babsrc=adbar[...]
Deleted : user_pref("extensions.BabylonToolbar.lastDP", 29);
Deleted : user_pref("extensions.BabylonToolbar.lastVrsnTs",

"1.5.3.1721:46:47");
Deleted : user_pref("extensions.BabylonToolbar.mntrFFxVrsn", "3.6");
Deleted : user_pref("extensions.BabylonToolbar.newTab", true);
Deleted : user_pref("extensions.BabylonToolbar.newTabUrl",

"hxxp://search.babylon.com/?babsrc=NT_bb");
Deleted : user_pref("extensions.BabylonToolbar.noFFXTlbr", false);
Deleted : user_pref("extensions.BabylonToolbar.prdct",

"BabylonToolbar");
Deleted : user_pref("extensions.BabylonToolbar.propectorlck", 66452374);
Deleted : user_pref("extensions.BabylonToolbar.prtkDS", 1);
Deleted : user_pref("extensions.BabylonToolbar.prtkHmpg", 1);
Deleted : user_pref("extensions.BabylonToolbar.prtnrId", "babylon");
Deleted : user_pref("extensions.BabylonToolbar.ptch_0717", true);
Deleted : user_pref("extensions.BabylonToolbar.smplGrp", "none");
Deleted : user_pref("extensions.BabylonToolbar.srcExt", "ss");
Deleted : user_pref("extensions.BabylonToolbar.tlbrId", "tb9");
Deleted : user_pref("extensions.BabylonToolbar.vrsn", "1.5.3.17");
Deleted : user_pref("extensions.BabylonToolbar.vrsnTs",

"1.5.3.1721:46:47");
Deleted : user_pref("extensions.BabylonToolbar.vrsni", "1.5.3.17");
Deleted : user_pref("extensions.BabylonToolbar_i.aflt", "babsst");
Deleted : user_pref("extensions.BabylonToolbar_i.babExt", "");
Deleted : user_pref("extensions.BabylonToolbar_i.babTrack",

"affID=100486");
Deleted : user_pref("extensions.BabylonToolbar_i.hardId",

"e401fd1600000000000000269ed2801a");
Deleted : user_pref("extensions.BabylonToolbar_i.id",

"e401fd1600000000000000269ed2801a");
Deleted : user_pref("extensions.BabylonToolbar_i.instlDay", "15369");
Deleted : user_pref("extensions.BabylonToolbar_i.instlRef", "sst");
Deleted : user_pref("extensions.BabylonToolbar_i.newTab", false);
Deleted : user_pref("extensions.BabylonToolbar_i.prdct",

"BabylonToolbar");
Deleted : user_pref("extensions.BabylonToolbar_i.prtnrId", "babylon");
Deleted : user_pref("extensions.BabylonToolbar_i.smplGrp", "none");
Deleted : user_pref("extensions.BabylonToolbar_i.srcExt", "ss");
Deleted : user_pref("extensions.BabylonToolbar_i.tlbrId", "tb9");
Deleted : user_pref("extensions.BabylonToolbar_i.vrsn", "1.5.3.17");
Deleted : user_pref("extensions.BabylonToolbar_i.vrsnTs",

"1.5.3.1721:46:47");
Deleted : user_pref("extensions.BabylonToolbar_i.vrsni", "1.5.3.17");

-\\ Google Chrome v [Unable to get version]

File : C:\Users\Dave\AppData\Local\Google\Chrome\User Data\Default

\Preferences

[OK] File is clean.

*************************

AdwCleaner[R1].txt - [11243 octets] - [28/08/2012 17:37:41]
AdwCleaner[R2].txt - [11512 octets] - [30/08/2012 07:03:55]
AdwCleaner[R3].txt - [11536 octets] - [31/08/2012 08:14:31]
AdwCleaner[S1].txt - [337 octets] - [31/08/2012 08:15:03]
AdwCleaner[R4].txt - [11591 octets] - [31/08/2012 08:19:47]
AdwCleaner[S2].txt - [10389 octets] - [31/08/2012 08:20:05]

########## EOF - C:\AdwCleaner[S2].txt - [10518 octets] ##########
 
Any more issues?

We need to know any other issues that are plaguing your computer. Kindly give a summary so we know how to continue from here.

Many of the things to note for us would be:

  • Slow computer
  • Error messages
  • Fake antivirus alerts or the icon in the system tray
  • svchost.exe running at 100%
  • System crashes or blue screen of death
 
Yes - Firefox browser which is version 15.0 is till getting hijacked. When I open Yahoo.com I'll get the home page and as soon as I click on another link I'll get a pop up from ib.adnxs.com. I have the pop-up blocker on in Firefox.

Should I delete Firefox and all files and do a clean re-install?

My laptop is not slow - I do not suffer BSOD's, no svchosts are hogging the system nor do I have any fake anti-virus messages.
 
Let's do another check here...

Please download OTL to your Desktop. (If you already have it downloaded, then just follow the instructions below).
  • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • Under the Custom Scan box paste this in

    msconfig
    safebootminimal
    activex
    drivers32
    netsvcs
    CreateRestorePoint
    %AppData%\Roaming\Mozilla\Firefox\Profiles\*.default\extensions\ /s /md5
    %AppData%\Local\
    %systemroot%\system32\sysprep
    *.xpi /md5
    %systemroot%\Downloaded Program Files\
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile
    hklm\software\clients\startmenuinternet|command /rs
    hklm\software\clients\startmenuinternet|command /64 /rs
    %systemroot%\system32\drivers\*.sys /lockedfiles
    %systemroot%\system32\drivers\*.sys /90
    %systemroot%\System32\config\*.sav
    %SYSTEMDRIVE%\*.exe /md5
    "%WinDir%\$NtUninstallKB*$." /30
    %systemdrive%\Program Files\Common Files\ComObjects\*.* /s
    %systemroot%\*. /mp /s
    %systemroot%\*. /rp /s
    %systemroot%\system32\*.dll /lockedfiles
    %systemroot%\Tasks\*.job /lockedfiles
    %systemroot%\Installer\ /s
    %systemroot%\system32\Cache\ /s
    %systemroot%\system32\config\systemprofile\Application Data /s
    %PROGRAMFILES%\*.
    %appdata%\*.*
    /md5start
    volsnap.sys
    services.exe
    userinit.exe
    afd.sys
    tcpip.sys
    netbt.sys
    ipsec.sys
    dnsrslvr.dll
    ipnathlp.dll
    netman.dll
    WMIsvc.dll
    srsvc.dll
    sr.sys
    wscsvc.dll
    wuauserv.dll
    qmgr.dll
    es.dll
    cryptsvc.dll
    svchost.exe
    rpcss.dll
    tdx.sys
    wininit.exe
    winlogon.exe
    atapi.sys
    explorer.exe
    /md5stop
  • Click the Run Scanbutton. Do not change any settings unless otherwise told to do so. The scan wont take long.
    • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) and paste (Edit->Paste) the contents of these files, one at a time
Note: in the event that OTL fails to run, please use alternate download links to try again:

http://oldtimer.geekstogo.com/OTL.com
http://oldtimer.geekstogo.com/OTL.scr
 
Thanks DragonMasterJay! Ran OTL with the options you specified. I
Here's the log zipped.

Here's the extras log:

OTL Extras logfile created on: 9/2/2012 5:51:23 PM - Run 1
OTL by OldTimer - Version 3.2.59.1 Folder = C:\Downs
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

5.99 Gb Total Physical Memory | 3.24 Gb Available Physical Memory | 54.02% Memory free
11.98 Gb Paging File | 9.20 Gb Available in Paging File | 76.78% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 450.41 Gb Total Space | 95.41 Gb Free Space | 21.18% Space Free | Partition Type: NTFS
Drive D: | 15.05 Gb Total Space | 2.48 Gb Free Space | 16.44% Space Free | Partition Type: NTFS
Drive E: | 4.61 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF

Computer Name: DAVE-PC | User Name: Dave | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection DefaultInstall 132 %1 (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [Browse with Corel Paint Shop Pro Photo X2] -- "C:\Program Files (x86)\Corel\Corel Paint Shop Pro Photo X2\Corel Paint Shop Pro Photo.exe" "%L" (Corel, Inc.)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [MediaMonkey.1Play] -- "C:\Program Files (x86)\MediaMonkey\MediaMonkey.exe" "%1" (Ventis Media Inc.)
Directory [MediaMonkey.2PlayNext] -- "C:\Program Files (x86)\MediaMonkey\MediaMonkey.exe" /NEXT "%1" (Ventis Media Inc.)
Directory [MediaMonkey.3Enqueue] -- "C:\Program Files (x86)\MediaMonkey\MediaMonkey.exe" /ADD "%1" (Ventis Media Inc.)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [Browse with Corel Paint Shop Pro Photo X2] -- "C:\Program Files (x86)\Corel\Corel Paint Shop Pro Photo X2\Corel Paint Shop Pro Photo.exe" "%L" (Corel, Inc.)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [MediaMonkey.1Play] -- "C:\Program Files (x86)\MediaMonkey\MediaMonkey.exe" "%1" (Ventis Media Inc.)
Directory [MediaMonkey.2PlayNext] -- "C:\Program Files (x86)\MediaMonkey\MediaMonkey.exe" /NEXT "%1" (Ventis Media Inc.)
Directory [MediaMonkey.3Enqueue] -- "C:\Program Files (x86)\MediaMonkey\MediaMonkey.exe" /ADD "%1" (Ventis Media Inc.)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

========== Firewall Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{05F342D4-52A0-4A8C-8928-590A668A94AB}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{2318834F-BCE1-44B3-AB89-17E9F347AFF2}" = rport=445 | protocol=6 | dir=out | app=system |
"{42537E6D-8098-409C-AB23-DEFFD8A421D5}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{47ECB931-23A3-4A9E-90E1-927FF9223470}" = rport=138 | protocol=17 | dir=out | app=system |
"{4C6E0D9E-197E-4743-A5EC-58E7808A8559}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{60F90195-85F2-447E-AAA3-A0DC22D4098B}" = rport=10243 | protocol=6 | dir=out | app=system |
"{804C3076-AF72-4F16-BC9C-15E0F8251ACE}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{8C3B69DC-131C-4582-A998-C843613B442C}" = lport=10243 | protocol=6 | dir=in | app=system |
"{994C5459-97E7-4556-B78B-CAE2A2C18C5D}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{9A8D1737-63E0-41C0-B512-60BA1326A5FA}" = lport=2869 | protocol=6 | dir=in | app=system |
"{A1FC0F8C-B2D1-4ABD-AB3E-105400A7C2A3}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{B16240D3-1D00-4D6F-AE21-A3C51C9E6FC6}" = lport=139 | protocol=6 | dir=in | app=system |
"{C0D5B060-6071-4ADC-BF19-9FFA062BD1ED}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{C3537A3E-3B71-4532-BD93-19B49AE318D4}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{C87C3880-4DB4-415E-BAED-F0BC70813A44}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{CD5B19F9-34F9-48CB-8A7F-65B5E5F2A9CC}" = lport=138 | protocol=17 | dir=in | app=system |
"{CE6DEF57-CCBA-4AB4-8680-70E0CC01E314}" = rport=139 | protocol=6 | dir=out | app=system |
"{D61941F2-2BC4-4162-8EDC-3D690530C49F}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{D7C54F35-10F0-4A79-8898-26A949E93931}" = rport=137 | protocol=17 | dir=out | app=system |
"{D9134008-A7E1-48FD-AE4F-23B545F5F645}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\outlook.exe |
"{DB606A14-3746-4BF2-A765-1F3ECF410FD5}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{E2679F1E-4B69-419C-A0AE-5BAC608E0873}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{EC3C3F82-3320-482A-9F4A-6D6F2418CF02}" = lport=137 | protocol=17 | dir=in | app=system |
"{FBA41AD7-1B1D-45EC-A5E6-A455BB41B0E4}" = lport=445 | protocol=6 | dir=in | app=system |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0163385B-39A0-4CD7-A1F6-9FB4CD320377}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{05E57ACC-648B-435F-BFAC-352327C3938F}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office14\groove.exe |
"{0CE71E05-C46E-4243-9D2D-70BB39D958CD}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{1312FFFF-CBF7-4A44-9AC3-920F5634F8E3}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{20323597-E9EB-4324-BDFA-53245327B1C5}" = protocol=17 | dir=in | app=c:\program files (x86)\vuze\azureus.exe |
"{23F81A88-E511-4061-8684-5C8E7E3BE02C}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{2CCAD159-8DDE-4E35-AF1D-B43D0E947CDD}" = dir=in | app=c:\program files (x86)\hewlett-packard\media\dvd\hpdvdsmart.exe |
"{3BC70816-86F9-4BC2-B6BD-227BCAC54975}" = dir=in | app=c:\program files (x86)\hewlett-packard\touchsmart\media\hptouchsmartphoto.exe |
"{43EE41A1-CA83-4425-AECF-188C1A1EB3E7}" = dir=in | app=c:\program files (x86)\hewlett-packard\touchsmart\media\hptouchsmartmusic.exe |
"{44FBD3F9-9A0E-43CC-A3A2-05855F399A6B}" = protocol=17 | dir=in | app=c:\program files (x86)\2k sports\major league baseball 2k12\mlb2k12.exe |
"{47B995BF-1C1E-4AC4-854D-D726109D44A7}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{48E9EC24-6D8F-4DAE-B4A7-E8474B232891}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{53BB6050-2D42-40CD-8648-E7343ED6DEC6}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{54010F27-14F6-409D-9089-C435CCEFF183}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{58C93496-1A27-4B9A-930E-083F6D18C0D9}" = protocol=6 | dir=in | app=c:\program files (x86)\vuze\azureus.exe |
"{5C4CA65A-95BA-4D48-B629-2C23FC649F5F}" = dir=in | app=c:\program files (x86)\hewlett-packard\touchsmart\media\hptouchsmartvideo.exe |
"{6166EDA8-EB6C-47C8-8A6C-BE8E705BDC1D}" = dir=in | app=c:\program files (x86)\cyberlink\powerdirector\pdr.exe |
"{7C91334C-8684-4680-A3D9-DC0C1C1E5184}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{7F3890D5-BB42-42FF-86E7-A80892FBF034}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{811AF763-927D-46CD-A982-4575AEDF582D}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{83C31BDD-9EB0-4D01-B10A-4E7DF7D8FBBF}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\groove.exe |
"{898D926B-A959-4F19-B3C4-C0EFF83BAC6F}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{8FC73368-916A-4609-93C3-6AE90FB1D5E1}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{91BC313C-1458-40C8-A397-3C33BBB4C08F}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{94D8A4B8-5C56-4EAF-A3B2-242CA43D2D85}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{A2873CDB-2C8B-41C2-901E-CC57DDEA5675}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe |
"{A6FAAAC1-69AF-4EB3-8329-996174155058}" = protocol=6 | dir=out | app=system |
"{B0FC0258-6088-414F-AE56-F7F02CEA0771}" = protocol=17 | dir=in | app=c:\program files (x86)\vuze\azureus.exe |
"{B980276C-201E-40E1-9339-A763F5F765E1}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{BAEB8511-B646-4433-87DD-41D42ECB475D}" = protocol=6 | dir=in | app=c:\program files (x86)\vuze\azureus.exe |
"{BF557DFD-71F1-41C0-BA8D-4A63B5CC9016}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{C1AF29B9-19D1-4C4D-A7DD-416C49BA92CB}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\groove.exe |
"{E0963ABF-76BB-426F-8CA6-DD820406BA51}" = dir=in | app=c:\program files (x86)\hewlett-packard\touchsmart\media\kernel\clml\clmlsvc.exe |
"{E1786CBE-2AAD-4C6B-B29B-7FCAB2589C9A}" = dir=in | app=c:\program files (x86)\hewlett-packard\touchsmart\media\tsmagent.exe |
"{E406D663-BDBD-4661-8B8F-AC5553D0AA6B}" = protocol=6 | dir=in | app=c:\program files (x86)\2k sports\major league baseball 2k12\mlb2k12.exe |
"{E9C0D81E-878B-492C-9BAC-67D8E59DCACD}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{F9887AB8-9512-4191-A838-54A6D5D9925D}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office14\groove.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{1444D2EE-C7AD-44A8-844F-2634B49353D1}" = Logitech Gaming Software 5.10
"{26A24AE4-039D-4CA4-87B4-2F86416014FF}" = Java(TM) 6 Update 14 (64-bit)
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{62A20ECA-920E-4052-BF77-88C78DD20FAA}" = Validity Sensors DDK
"{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{7ECE8B97-924C-4886-857D-B5F144C8F7B8}" = Diskeeper 2011
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{85A42FF0-F0D0-44A3-B226-C124D6E8B1D5}" = HP 3D DriveGuard
"{88E60521-1E4E-4785-B9F1-1798A4BD0C30}" = HP MediaSmart SmartMenu
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{90140000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2010
"{90140000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2010
"{90140000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Control Panel 301.42
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Graphics Driver 301.42
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB" = NVIDIA 3D Vision Controller Driver 301.42
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX System Software 9.12.0213
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.8.15
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver" = NVIDIA HD Audio Driver 1.3.16.0
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
"{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
"{C13AF9C7-8E06-4354-B629-DF6192CE4A66}" = PANTECH UM175 Driver
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware
"{D641F4CB-0CA6-4C32-927F-164D6612680D}" = Windows 7 Manager
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"{F74D69E5-ECFD-45D1-A87A-341208ADD7CC}" = DigitalPersona Personal 4.11
"Bulk Rename Utility_is1" = Bulk Rename Utility 2.7.1.2
"FFE7D41DF3C645075BB149E21988B63996C34187" = ENE CIR Receiver Driver
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"OfficeTrial" = Microsoft Office Home and Student 60 day trial
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"WinRAR archiver" = WinRAR 4.00 (64-bit)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{018E0FC0-D281-495D-85CE-0F4116F8A493}" = Virtual Weather Station
"{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = HP MediaSmart Webcam
"{0665989D-2BD9-428B-B433-EF648427C8B0}" = HP User Guides 0143
"{07FA4960-B038-49EB-891B-9F95930AA544}" = HP Customer Experience Enhancements
"{0E64B098-8018-4256-BA23-C316A43AD9B0}" = QuickTime
"{1111706F-666A-4037-7777-211328764D10}" = JavaFX 2.1.1
"{1266764D-FC4F-4FA7-B63B-884D53B1680F}" = NetAssistant
"{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}" = Microsoft Works
"{18A8E78B-9EF2-496E-B310-BCD8E4C1DAB3}" = iSEEK AnswerWorks English Runtime
"{196BB40D-1578-3D01-B289-BEFC77A11A1E}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite
"{254C37AA-6B72-4300-84F6-98A82419187E}" = ActiveCheck component for HP Active Support Library
"{26604C7E-A313-4D12-867F-7C6E7820BE4C}" = JMicron Flash Media Controller Driver
"{26A24AE4-039D-4CA4-87B4-2F83216032FF}" = Java(TM) 6 Update 33
"{26A24AE4-039D-4CA4-87B4-2F83217006FF}" = Java 7 Update 6
"{287ECFA4-719A-2143-A09B-D6A12DE54E40}" = Acrobat.com
"{2C8CC208-965C-48A1-90A8-DFB484358F1C}" = FaxRedist
"{2FA94A64-C84E-49d1-97DD-7BF06C7BBFB2}.WildTangent Games App" = Update Installer for WildTangent Games App
"{3023EBDA-BF1B-4831-B347-E5018555F26E}" = HP MediaSmart Movie Themes
"{34D2AB40-150D-475D-AE32-BD23FB5EE355}" = HP Quick Launch Buttons
"{3A9FC03D-C685-4831-94CF-4EDFD3749497}" = Microsoft SQL Server Compact 3.5 SP2 ENU
"{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}" = eReg
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go
"{44B2A0AB-412E-4F8C-B058-D1E8AECCDFF5}" = PowerRecover
"{49A143E9-4A6A-43E7-86B1-388194C79248}" = HP Smart Web Printing
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4E432692-A736-4F77-AF77-F9078CF88D31}" = HP Wireless Assistant
"{5FE545A1-D215-4216-9189-E7B39C9D1CC1}" = Quicken 2011
"{64E72FB1-2343-4977-B4A8-262CD53D0BD3}" = Corel Paint Shop Pro Photo X2
"{669D4A35-146B-4314-89F1-1AC3D7B88367}" = HPAsset component for HP Active Support Library
"{67626E09-5366-4480-8F1E-93FADF50CA15}" = HP MediaSmart Live TV
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6F340107-F9AA-47C6-B54C-C3A19F11553F}" = Hewlett-Packard ACLM.NET v1.1.1.0
"{70B446D1-E03B-4ab0-9B3C-0832142C9AA8}.WildTangent Games App-hp" = WildTangent Games App (HP Games)
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{729E66B3-1B80-4F2F-8D19-342A89631E0A}_is1" = Wav to Mp3
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{82A213BD-B6AA-4281-A2D3-59D51893CC56}" = HP MediaSmart Software Notebook Demo
"{82EF29B1-9B60-4142-A155-0599216DD053}" = LightScribe System Software
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{87441A59-5E64-4096-A170-14EFE67200C3}" = Picture Control Utility
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver For Windows 7
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90140000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2010
"{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{047B0968-E622-4FAA-9B4B-121FA109EDDE}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2010
"{90140000-0015-0409-0000-0000000FF1CE}_Office14.PROPLUS_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2010
"{90140000-0016-0409-0000-0000000FF1CE}_Office14.PROPLUS_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2010
"{90140000-0018-0409-0000-0000000FF1CE}_Office14.PROPLUS_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2010
"{90140000-0019-0409-0000-0000000FF1CE}_Office14.PROPLUS_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2010
"{90140000-001A-0409-0000-0000000FF1CE}_Office14.OUTLOOKR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001A-0409-0000-0000000FF1CE}_Office14.PROPLUS_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2010
"{90140000-001B-0409-0000-0000000FF1CE}_Office14.PROPLUS_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-0409-0000-0000000FF1CE}_Office14.OUTLOOKR_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0409-0000-0000000FF1CE}_Office14.PROPLUS_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-040C-0000-0000000FF1CE}_Office14.OUTLOOKR_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2010
"{90140000-001F-0C0A-0000-0000000FF1CE}_Office14.OUTLOOKR_{DEA87BE2-FFCC-4F33-9946-FCBE55A1E998}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002A-0000-1000-0000000FF1CE}_Office14.OUTLOOKR_{967EF02C-5C7E-4718-8FCB-BDC050190CCF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002A-0000-1000-0000000FF1CE}_Office14.PROPLUS_{967EF02C-5C7E-4718-8FCB-BDC050190CCF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002A-0409-1000-0000000FF1CE}_Office14.OUTLOOKR_{D6C6B46A-6CE1-4561-84A0-EFD58B8AB979}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2010
"{90140000-002C-0409-0000-0000000FF1CE}_Office14.OUTLOOKR_{7CA93DF4-8902-449E-A42E-4C5923CFBDE3}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2010
"{90140000-0044-0409-0000-0000000FF1CE}_Office14.PROPLUS_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2010
"{90140000-006E-0409-0000-0000000FF1CE}_Office14.OUTLOOKR_{4560037C-E356-444A-A015-D21F487D809E}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2010
"{90140000-00A1-0409-0000-0000000FF1CE}_Office14.PROPLUS_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2010
"{90140000-00BA-0409-0000-0000000FF1CE}_Office14.PROPLUS_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2010
"{90140000-0115-0409-0000-0000000FF1CE}_Office14.OUTLOOKR_{4560037C-E356-444A-A015-D21F487D809E}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0116-0409-1000-0000000FF1CE}_Office14.OUTLOOKR_{D6C6B46A-6CE1-4561-84A0-EFD58B8AB979}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2010
"{90140000-0117-0409-0000-0000000FF1CE}_Office14.PROPLUS_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{90F6051D-A69F-4159-9203-7E20430E1056}" = HP MediaSmart SlingPlayer
"{91140000-001A-0000-0000-0000000FF1CE}" = Microsoft Office Outlook 2010
"{91140000-001A-0000-0000-0000000FF1CE}_Office14.OUTLOOKR_{047B0968-E622-4FAA-9B4B-121FA109EDDE}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A025CFB8-64E7-4432-824F-11E7C5ED2ECE}_is1" = Artweaver 1.0
"{A5355F15-F98B-4704-9BAE-E53B9FE48F48}" = SDFormatter
"{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.2)
"{ACEB2BAF-96DF-48FD-ADD5-43842D4C443D}" = Adobe AIR
"{ACF60000-22B9-4CE9-98D6-2CCF359BAC07}" = ABBYY FineReader 6.0 Sprint
"{B2EE25B9-5B00-4ACF-94F0-92433C28C39E}" = HP MediaSmart Music/Photo/Video
"{B53E61D7-7C80-40DF-82D2-CF5390D6D20A}" = HP Advisor
"{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint
"{CA43FE4F-9FF2-4AD7-88F0-CC3BAC17B226}" = HP Support Assistant
"{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
"{CD41B576-4787-4D5C-95EE-24A4ABD89CD3}" = System Requirements Lab for Intel
"{CD95F661-A5C4-44F5-A6AA-ECDD91C240BE}" = WinZip 15.0
"{D36DD326-7280-11D8-97C8-000129760CBE}" = PhotoNow!
"{D46D081B-F60E-467E-A7C4-117B70D76731}" = HP Update
"{DA909E62-3B45-4BA1-8B58-FCAEBA4BCEC9}" = NVIDIA PhysX
"{DCCAD079-F92C-44DA-B258-624FC6517A5A}" = HP MediaSmart DVD
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}" = Windows Media Encoder 9 Series
"{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}" = IDT Audio
"{E553760D-D7F7-48BF-BD8B-C7E23BA04CB5}" = HP MediaSmart Internet TV
"{E6C29DA3-ADD6-4941-903A-43965CBB0F7C}" = Major League Baseball 2K12
"{EB879750-CCBD-4013-BFD5-0294D4DA5BD0}" = Apple Application Support
"{F0FDF9C9-1DDC-401F-B638-36F1CAE8A875}" = VideoStudio
"{F13FBD0E-5CE1-4A3F-A4F0-C8633CB7B4DD}" = HP Product Detection
"{F1D7AC58-554A-4A58-B784-B61558B1449A}" = QLBCASL
"{F3B912F5-EB57-45AA-B3D1-EB532BCF6EF8}" = HP Setup
"{F60123EE-7E9F-48BB-846D-5CC7C1536CE0}" = Weather OS
"{FCDBEA60-79F0-4FAE-BBA8-55A26C609A49}" = Visual Studio 2008 x64 Redistributables
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"3ivx MPEG-4 5.0.4" = 3ivx MPEG-4 5.0.4 (remove only)
"8461-7759-5462-8226" = Vuze
"Ad-Aware Browsing Protection" = Ad-Aware Browsing Protection
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Armored Fist 3" = Armored Fist 3
"Audiograbber" = Audiograbber 1.83 SE
"Autobahn" = NexDef Plug-in
"AVS Update Manager_is1" = AVS Update Manager 1.0
"Cisco Connect" = Cisco Connect
"Cool Edit 2000" = Cool Edit 2000
"Coupon Printer for Windows5.0.0.1" = Coupon Printer for Windows
"Diskeeper2011" = Diskeeper
"DVDFab 8 Qt_is1" = DVDFab 8.2.0.7 (25/08/2012) Qt
"ESET Online Scanner" = ESET Online Scanner v3
"Exterminate It!" = Exterminate It!
"GIMPshop" = GIMPshop .1 beta
"Hank Haney's World Golf_is1" = Hank Haney's World Golf
"HP Smart Web Printing" = HP Smart Web Printing
"InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = HP MediaSmart Webcam
"InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite
"InstallShield_{3023EBDA-BF1B-4831-B347-E5018555F26E}" = HP MediaSmart Movie Themes
"InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go
"InstallShield_{67626E09-5366-4480-8F1E-93FADF50CA15}" = HP MediaSmart Live TV
"InstallShield_{B2EE25B9-5B00-4ACF-94F0-92433C28C39E}" = HP MediaSmart Music/Photo/Video
"InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint
"InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
"InstallShield_{D36DD326-7280-11D8-97C8-000129760CBE}" = PhotoNow!
"InstallShield_{DCCAD079-F92C-44DA-B258-624FC6517A5A}" = HP MediaSmart DVD
"InstallShield_{E553760D-D7F7-48BF-BD8B-C7E23BA04CB5}" = HP MediaSmart Internet TV
"InstallShield_{F0FDF9C9-1DDC-401F-B638-36F1CAE8A875}" = Corel VideoStudio 12
"KLiteCodecPack_is1" = K-Lite Codec Pack 8.7.0 (Basic)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.62.0.1300
"MediaMonkey_is1" = MediaMonkey 4.0
"Mozilla Firefox 15.0 (x86 en-US)" = Mozilla Firefox 15.0 (x86 en-US)
"Mozilla Thunderbird 14.0 (x86 en-US)" = Mozilla Thunderbird 14.0 (x86 en-US)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"MusicIP Mixer_is1" = MusicIP Mixer 1.8.1
"NVIDIA StereoUSB Driver" = NVIDIA 3D Vision Controller Driver
"Office14.OUTLOOKR" = Microsoft Outlook 2010
"Office14.PROPLUS" = Microsoft Office Professional Plus 2010
"Soulseek2" = SoulSeek 157 NS 13e
"Strat-O-Matic Baseball 2012f" = Strat-O-Matic Baseball 2012f
"Strat-O-Matic CD-ROM Ver12.0" = Strat-O-Matic CD-ROM Ver12.0
"StreamTorrent 1.0" = StreamTorrent 1.0
"VLC media player" = VLC media player 2.0.2
"vShare.tv plugin" = vShare.tv plugin 1.3
"WildTangent hp Master Uninstall" = HP Games
"Windows Media Encoder 9" = Windows Media Encoder 9 Series
"Xilisoft Video Converter Ultimate 6" = Xilisoft Video Converter Ultimate 6
"Xvid Video Codec 1.3.1" = Xvid Video Codec

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"ccef69bf6a7f0755" = Deep Remove
"CopyTrans Suite" = CopyTrans Suite Remove Only
"NetAssistant 3.6.5" = NetAssistant for Firefox
"UnityWebPlayer" = Unity Web Player

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 8/30/2012 8:42:22 AM | Computer Name = Dave-PC | Source = SideBySide | ID = 16842832
Description = Activation context generation failed for "C:\Downs\esetsmartinstaller_enu(1).exe".Error
in manifest or policy file "" on line . A component version required by the application
conflicts with another component version already active. Conflicting components
are:. Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component
2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error - 8/31/2012 8:19:34 AM | Computer Name = Dave-PC | Source = SideBySide | ID = 16842832
Description = Activation context generation failed for "C:\Downs\esetsmartinstaller_enu(1).exe".Error
in manifest or policy file "" on line . A component version required by the application
conflicts with another component version already active. Conflicting components
are:. Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component
2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error - 8/31/2012 8:19:34 AM | Computer Name = Dave-PC | Source = SideBySide | ID = 16842832
Description = Activation context generation failed for "C:\Downs\esetsmartinstaller_enu.exe".Error
in manifest or policy file "" on line . A component version required by the application
conflicts with another component version already active. Conflicting components
are:. Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component
2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error - 9/1/2012 7:41:43 PM | Computer Name = Dave-PC | Source = SideBySide | ID = 16842832
Description = Activation context generation failed for "C:\Downs\esetsmartinstaller_enu(1).exe".Error
in manifest or policy file "" on line . A component version required by the application
conflicts with another component version already active. Conflicting components
are:. Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component
2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error - 9/1/2012 7:41:43 PM | Computer Name = Dave-PC | Source = SideBySide | ID = 16842832
Description = Activation context generation failed for "C:\Downs\esetsmartinstaller_enu.exe".Error
in manifest or policy file "" on line . A component version required by the application
conflicts with another component version already active. Conflicting components
are:. Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component
2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

[ System Events ]
Error - 8/31/2012 8:19:07 AM | Computer Name = Dave-PC | Source = Service Control Manager | ID = 7001
Description = The Computer Browser service depends on the Server service which failed
to start because of the following error: %%1068

Error - 8/31/2012 8:19:07 AM | Computer Name = Dave-PC | Source = Service Control Manager | ID = 7001
Description = The Computer Browser service depends on the Server service which failed
to start because of the following error: %%1068

Error - 8/31/2012 8:19:07 AM | Computer Name = Dave-PC | Source = Service Control Manager | ID = 7001
Description = The Computer Browser service depends on the Server service which failed
to start because of the following error: %%1068

Error - 8/31/2012 8:19:07 AM | Computer Name = Dave-PC | Source = Service Control Manager | ID = 7001
Description = The Computer Browser service depends on the Server service which failed
to start because of the following error: %%1068

Error - 8/31/2012 8:19:08 AM | Computer Name = Dave-PC | Source = DCOM | ID = 10005
Description =

Error - 8/31/2012 8:19:08 AM | Computer Name = Dave-PC | Source = DCOM | ID = 10005
Description =

Error - 8/31/2012 8:21:27 AM | Computer Name = Dave-PC | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
SBRE

Error - 8/31/2012 8:23:39 AM | Computer Name = Dave-PC | Source = Service Control Manager | ID = 7038
Description = The nvUpdatusService service was unable to log on as .\UpdatusUser
with the currently configured password due to the following error: %%1330 To ensure
that the service is configured properly, use the Services snap-in in Microsoft
Management Console (MMC).

Error - 8/31/2012 8:23:39 AM | Computer Name = Dave-PC | Source = Service Control Manager | ID = 7000
Description = The NVIDIA Update Service Daemon service failed to start due to the
following error: %%1069

Error - 9/1/2012 7:28:58 PM | Computer Name = Dave-PC | Source = Service Control Manager | ID = 7034
Description = The Diskeeper service terminated unexpectedly. It has done this 1
time(s).


< End of report >
 

Attachments

  • OTL.zip
    28.1 KB · Views: 3
Please run OTL
 
Thanks DMJ! Here's the log:

All processes killed
Error: Unable to interpret <IE - HKCU\..\SearchScopes\{88FB16D2-04EA-4ffe-8079-CFF68F1B9CE6}: "URL" = http://www.search-results.com/web?q...dis&prt=BDIE&chn=retail&geo=US&ver=4.0.0.1606> in the current context!
Error: Unable to interpret <IE - HKCU\..\SearchScopes\{8CA39903-AAFF-4D83-AB70-FD7819EA2198}: "URL" = http://websearch.ask.com/redirect?c...pn_sauid=82C7B1A7-C689-4217-8A5B-53BBFB9BFD0F> in the current context!
Error: Unable to interpret <IE - HKCU\..\SearchScopes\{E7272674-B21E-4C49-9053-E7D892B58080}: "URL" = http://www.ask.com/web?q={searchterms}&l=dis&o=ushpl> in the current context!
Error: Unable to interpret <IE - HKCU\..\SearchScopes\{E8FF2A25-94E5-4871-B9C8-7147B3770A46}: "URL" = http://startsear.ch/?aff=1&src=sp&cf=ff9e2c80-f832-11e0-9347-00269ed2801a&q={searchTerms}> in the current context!
Error: Unable to interpret <IE - HKLM\..\SearchScopes\{E7272674-B21E-4C49-9053-E7D892B58080}: "URL" = http://www.ask.com/web?q={searchterms}&l=dis&o=ushpl> in the current context!
Error: Unable to interpret <IE:64bit: - HKLM\..\SearchScopes\{E7272674-B21E-4C49-9053-E7D892B58080}: "URL" = http://www.ask.com/web?q={searchterms}&l=dis&o=ushpl> in the current context!
Error: Unable to interpret <O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {472734EA-242A-422B-ADF8-83D1E48CC825} - No CLSID value found.> in the current context!
Error: Unable to interpret <O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab (Java Plug-in 1.6.0_14)> in the current context!
Error: Unable to interpret <O16:64bit: - DPF: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab (Java Plug-in 1.6.0_14)> in the current context!
Error: Unable to interpret <O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab (Reg Error: Key error.)> in the current context!
Error: Unable to interpret <O16 - DPF: {CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab (Java Plug-in 1.6.0_33)> in the current context!
Error: Unable to interpret <O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab (Java Plug-in 10.6.2)> in the current context!
Error: Unable to interpret <@Alternate Data Stream - 127 bytes -> C:\ProgramData\Temp:430C6D84> in the current context!
Error: Unable to interpret <@Alternate Data Stream - 120 bytes -> C:\ProgramData\Temp:0D786AE3> in the current context!
Error: Unable to interpret <@Alternate Data Stream - 105 bytes -> C:\ProgramData\Temp:DFC5A2B2> in the current context!
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Dave
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 123043 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 16891929 bytes
->Flash cache emptied: 506 bytes

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Public
->Temp folder emptied: 0 bytes

User: UpdatusUser
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 0 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 16.00 mb

Error: Unable to interpret <Then click the Run Fix button at the top.> in the current context!
Error: Unable to interpret <Note: The fix for OTL automatically hides your Desktop and Start menu so the fix can be completed. Do not be alerted, this is normal.> in the current context!
Error: Unable to interpret <Please do not exit the program. It might take a while to fix, but allow it to run. If it asks to reboot the computer, allow it to reboot. If the program freezes, and the computer fails to reboot - let me know.> in the current context!
Error: Unable to interpret <Lastly, post the contents of the log. (Located at C:\_OTL\Moved Files)> in the current context!

OTL by OldTimer - Version 3.2.59.1 log created on 09032012_070635

Files\Folders moved on Reboot...
C:\Users\Dave\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...
 
You have to include the :OTL part of the bold text in with the fixes, it has to be in there in order for the tool to kill the infection.

If you need help with the script, download the attached file, open it, and copy and paste that code to the Custom Scans/Fixes box, lastly hit Run Fix.
 

Attachments

  • fixes.txt
    1.9 KB · Views: 2
Thanks DMJ. Bad cut and paste I guess. Can't believe I missed that.

Here's the log with OTL command included:

All processes killed
========== OTL ==========
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{88FB16D2-04EA-4ffe-8079-CFF68F1B9CE6}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{88FB16D2-04EA-4ffe-8079-CFF68F1B9CE6}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{8CA39903-AAFF-4D83-AB70-FD7819EA2198}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8CA39903-AAFF-4D83-AB70-FD7819EA2198}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{E7272674-B21E-4C49-9053-E7D892B58080}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E7272674-B21E-4C49-9053-E7D892B58080}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{E8FF2A25-94E5-4871-B9C8-7147B3770A46}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E8FF2A25-94E5-4871-B9C8-7147B3770A46}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{E7272674-B21E-4C49-9053-E7D892B58080}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E7272674-B21E-4C49-9053-E7D892B58080}\ not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{E7272674-B21E-4C49-9053-E7D892B58080}\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E7272674-B21E-4C49-9053-E7D892B58080}\ not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{472734EA-242A-422B-ADF8-83D1E48CC825} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{472734EA-242A-422B-ADF8-83D1E48CC825}\ not found.
Starting removal of ActiveX control {8AD9C840-044E-11D1-B3E9-00805F499D93}
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
Starting removal of ActiveX control {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}\ not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}\ not found.
Starting removal of ActiveX control {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
Starting removal of ActiveX control {CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA}\ not found.
Starting removal of ActiveX control {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
ADS C:\ProgramData\Temp:430C6D84 deleted successfully.
ADS C:\ProgramData\Temp:0D786AE3 deleted successfully.
ADS C:\ProgramData\Temp:DFC5A2B2 deleted successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Dave
->Temp folder emptied: 1024102 bytes
->Temporary Internet Files folder emptied: 5153224 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 54890125 bytes
->Flash cache emptied: 1073 bytes

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Public
->Temp folder emptied: 0 bytes

User: UpdatusUser
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 0 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 58.00 mb


OTL by OldTimer - Version 3.2.59.1 log created on 09042012_063055

Files\Folders moved on Reboot...
C:\Users\Dave\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...
 
Allow me to observe how this laptop operates today.

I always run Super Anti-Spyware every morning and this is the first run where it highlighted and deleted a idnxs.com cookies file under my share name. In WIN7 the permissions of this file are always set as not accessible.

In the programs that you had me run what did you see that showed this hijacker was deleted?

Thanks for your help. You're the best!
 
DMJ - I do believe you have drilled this thing. I haven't seen a pop up all day. Great work. Thank you.
 
Excellent! If there are no more issues, then we shall finish up!

Clean up System Restore

Now, to get you off to a clean start, we will be creating a new Restore Point, then clearing the old ones to make sure you do not get reinfected, in case you need to "restore back."

To manually create a new Restore Point
  • Go to Control Panel and select System and Maintenance
  • Select System
  • On the left select Advance System Settings and accept the warning if you get one
  • Select System Protection Tab
  • Select Create at the bottom
  • Type in a name I.e. Clean
  • Select Create
Now we can purge the infected ones
  • Go back to the System and Maintenance page
  • Select Performance Information and Tools
  • On the left select Open Disk Cleanup
  • Select Files from all users and accept the warning if you get one
  • In the drop down box select your main drive I.e. C
  • For a few moments the system will make some calculations:
    diskcleanup1.png
  • Select the More Options tab
    moreoptions.png
  • In the System Restore and Shadow Backups select Clean up
    moreoptions2.png
  • Select Delete on the pop up
  • Select OK
  • Select Delete

Run OTC to remove our tools

To remove all of the tools we used and the files and folders they created, please do the following:
Please download OTC.exe by OldTimer:
  • Save it to your Desktop.
  • Double click OTC.exe.
  • Click the CleanUp! button.
  • If you are prompted to Reboot during the cleanup, select Yes.
  • The tool will delete itself once it finishes.
Note: If any tool, file or folder (belonging to the program we have used) hasn't been deleted, please delete it manually.

Purge old temporary files

Download CCleaner Slim and save it to your Desktop - Alternate download link

When the file has been saved, go to your Desktop and double-click on ccsetupxxx_slim.exe
Follow the prompts to install the program.

* Double-click the CCleaner shortcut on the desktop to start the program.
* Click on the Options block on the left, then choose Cookies.
* Under Cookies to Delete, highlight any cookies you would like to retain permanently
* Click the right arrow > to move them to the Cookies to Keep window.
* Go into Options > Advanced & uncheck Only delete files in Windows Temp folders older than 48 hours
* Click Cleaner on the left then Run Cleaner on the right to run the program.
* Important: Make sure that ALL browser windows are closed before selecting Run Cleaner

Caution: Only use the Registry feature if you are very familiar with the registry.
Always back up your registry before making any changes. Exit CCleaner after it has completed it's process.

Security Check

Please download Security Check by screen317 from SpywareInfoforum.org or Changelog.fr.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

Tell me in your next reply, if you have completed these tasks:
  • Cleaned System Restore
  • Ran OTC
  • Ran CCleaner
  • Ran Security Check
Also, let me know how your computer is running, and don't forget to post the contents of the Security Check log.
 
All tasks completed.

Log from Security check follows:

Results of screen317's Security Check version 0.99.50
Windows 7 Service Pack 1 x64 (UAC is disabled!)
Internet Explorer 9
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Enabled!
Windows Firewall Disabled!
[size=1]WMI entry may not exist for antivirus; attempting automatic update.[/size]
`````````Anti-malware/Other Utilities Check:`````````
Ad-Aware
Malwarebytes Anti-Malware version 1.62.0.1300
JavaFX 2.1.1
Java(TM) 6 Update 33
Java 7 Update 7
Adobe Flash Player 11.4.402.265
Adobe Reader X 10.1.2 Adobe Reader out of Date!
Mozilla Firefox (15.0)
Mozilla Thunderbird 14.0. Thunderbird out of Date!
````````Process Check: objlist.exe by Laurent````````
Ad-Aware AAWService.exe is disabled!
Ad-Aware AAWTray.exe is disabled!
Malwarebytes Anti-Malware mbamservice.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: 3%
````````````````````End of Log``````````````````````

I also run Super AntiSpyware but for some reason it did not start after the reboot OTL requested.

Thanks for all your help.
 
Adobe Reader Update!

Please download the newest version of Adobe Acrobat Reader from Adobe.com

Before installing: it is important to remove older versions of Acrobat Reader since it does not do so automatically and old versions still leave you vulnerable.
Go to the Control Panel and enter Add or Remove Programs (Programs and Features in Vista/7).
Search in the list for all previous installed versions of Adobe Acrobat Reader. Uninstall/Remove each of them.

Once old versions are gone, please install the newest version.

Personal Tips on Preventing Malware

See this page for more info about malware and prevention.

Any other questions before I mark this topic solved?
 
I think I'm all set. What was I infected with and what actually stopped it? Looking at the logs myself I never did notice what this thing was or called?

Thanks again for all your help. Your instructions were easy to follow and very timely.
 
Status
Not open for further replies.

Similar threads

uber_beetle
Infected with fake ad pop-ups - posting FRST and Addition
Replies
12
Views
784
uber_beetle
uber_beetle
wshknwntlprtmn
  • Locked
Inactive Not sure what's going on here....
Replies
12
Views
2K
Broni
Broni
A
Infected: Antivirus says it's Trojan:Script/Wacatac.H!ml
Replies
12
Views
2K
adidaman27
A

Latest posts

Back